5 Security Algorithms - 01 Aug 1998

Microsoft supports five security algorithms in NT 5.0 IPSec. These algorithms are HMAC MD5 and HMAC SHA for authentication, and DES, DES-CBC, and 3DES for encryption.

Hash Message Authentication Code (HMAC) is a secret-key algorithm. HMAC provides data integrity and origin authentication through a digital signature produced by a keyed hash function. The Message Digest version 5 (MD5) algorithm is a hash function that produces a 128-bit value. The Secure Hash Algorithm (SHA) is a hash function that produces a 160-bit value. Because its hash value is longer, HMAC SHA is more secure than HMAC MD5 but requires a slightly longer processing time.

Data Encryption Standard (DES) is an encryption algorithm defined and
endorsed by the US government as an official standard. It breaks a message into
64-bit cipher blocks and encrypts each block using a 40-bit or 56-bit key. The
US government prohibits exporting 56-bit DES. When DES works under the Cipher
Block Chaining (CBC) mode (i.e., DES-CBC), it applies an exclusive OR operation
to each 64-bit plain-text block with the previous cipher block before encrypting
the block with the DES key. DES-CBC is more secure than DES. In triple DES
(3DES), DES encrypts each cipher block three times, making 3DES far more secure
than DES. The more secure the algorithm IPSec uses, the more processing time the
algorithm requires.